One of the first things you do when you set up a WordPress site is work on the colors. It's time to add text and data. But what about WordPress security? Don't allow the fun of setting a site that is new up distract you you're putting online.
The how to fix hacked wordpress Codex has an outline of what permissions are okay. Directory and file permissions can be changed either via an FTP client or within the administrative page from the web host.
Truth is, if a competent master of the script targets your site, there is really no way to prevent an intrusion. What you are about to read below are some precautionary actions you can take to quickly minimize the risk to an acceptable degree. Odds are a hacker would prefer picking simpler victim, another, if your WordPress site is protected.
There is a section of config-sample.php that's headed"Authentication Unique Keys." There are four definitions that appear within the block. There is a hyperlink inside that section of code. You want to enter that link in your browser, copy the contents that you return, and replace the keys you have with the unique, pseudo-random keys provided by the website. This makes it harder for attackers to automatically generate a"logged-in" cookie for your site.
Along with adding a secret key to your wp-config.php document, also consider altering your user password to something that is strong and unique. WordPress will let you know the strength of your password, but include amounts, use upper and lowercase letters, and a great tip is to avoid phrases. It's also a good idea to change your password frequently - say once.
Implementing all of the above will take less than an additional hints hour to complete, while making your WordPress site more resistant to intrusions. Over 1 million WordPress sites were cracked last year, largely due to preventable security gaps. Have yourself prepared and i loved this you're likely to be on the safe side.